<?php
    include 'prelude.php';
    
    if ( isset( $_POST['username'] ) ) {
        $username = $_POST['username'];
		$username = htmlspecialchars(addslashes($username));
        $password = md5(sha1($_POST['password']));
        $res = mysql_query(
            'SELECT
                userid
            FROM
                users
            WHERE
                username = "' . $username . '"
                AND password = "' . $password . '"
            LIMIT 1;'
        );
        if ( mysql_num_rows( $res ) == 1 ) {
            $user = mysql_fetch_array( $res );
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['userid'] = $user['userid'];
            echo "<script> window.location = \"./index.php\"</script>";
        }
        else {
            echo "<script> window.location = \"./index.php?error=true\"</script>";
        }
    }
    else {
        echo "<script> window.location = \"./index.php?error=true\"</script>";
    }
?> 
